As we do work to decouple the potential risks on correlation between the incoming/outgoing connections, the forwarding of ECN has potential risk. An active attacker could embed signals over a series of packets by clearing+setting ECN bits and observing the same signal on the output side.
The end-to-end QUIC congestion control makes it so we really do want to forward ECN, so it's unclear what can be done about this risk in a way that also allows ECN to be applied on any of the hops.
This might be something to just capture as a known potential risk and downside for this use-case.